Re: [CR]Warning Probable Virus

(Example: Framebuilding)

Date: Fri, 19 Mar 2004 13:01:06 -0500
Subject: Re: [CR]Warning Probable Virus
From: <unreceived_dogma@mindspring.com>
To: jerrymoos <jerrymoos@sbcglobal.net>
cc: classicrendezvous@bikelist.org

The giveaway is that it is not signed off by Dale/Oroboyz, but by "The Bikelist.org team".

But if the worm spreads from machine to machine, why can these worms be able to re-identify themselves as "The Bikelist.org team" but not "OROBOYZ"?

Michael Lebron still snowing in NYC

---------- At 10:48 AM 3/19/2004 -0600, jerrymoos ushered forth:
>Just received the message below, supposedly from the CR host site. This is
>very similar to a hoax supposedly from my inernet service provider saying
>the service would be interrupted for two days unless one went to a link to
>configure an "autoforwarding" service. There have been similar hoaxes on
>corporate networks.

It's a hoax alright, but it's not being spread by any particular individual. It is being promulgated by a worm -- the worm that is installed by executing the (fortunately detached) attachment to the message itself. It is one of many variants of the bagle/beagle worm. Executing the attachment plants the worm on one's local machine, and it spreads itself from there.

<http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.m@mm.htm l>

Its presence on this list means that some subscriber to the list has the worm on their machine.

rgds, Dave Baseley, just in from cleaning out yet another late winter snowfall in Berks County PA
>From: "jerrymoos" <jerrymoos@sbcglobal.net>
>To: <classicrendezvous@bikelist.org>
>Subject: [CR]Warning Probable Virus
>Date: Fri, Mar 19, 2004, 11:48 AM
>
>Just received the message below, supposedly from the CR host site. This is
>very similar to a hoax supposedly from my inernet service provider saying
>the service would be interrupted for two days unless one went to a link to
>configure an "autoforwarding" service. There have been similar hoaxes on
>corporate networks. Beware! Don't take the requested actions unless you
>can confirm this is legit, which I doubt.
>
>Regards,
>
>Jerry Moos
>Houston, TX
>
>----- Original Message -----
>From: <staff@bikelist.org>
>To: <classicrendezvous@bikelist.org>
>Sent: Friday, March 19, 2004 6:41 AM
>Subject: [CR]E-mail account disabling warning.
>
>
>> Dear user of Bikelist.org gateway e-mail server,
>>
>> Our main mailing server will be temporary unavaible for next two days,
>> to continue receiving mail in these days you have to configure our free
>> auto-forwarding service.
>>
>> For details see the attached file.
>>
>> Best wishes,
>> The Bikelist.org team
>http://www.bikelist.org